Data Governance Roles: Who Does What in a Modern Program
Data Governance Roles: Who Does What in a Modern Governance Program
Data governance roles define who is accountable, responsible, consulted, and informed across every data asset in an organization. The six core roles in 2026 are Chief Data Officer, Data Owner, Data Steward, Data Custodian, Data User, and Data Protection Officer.
Each role has specific responsibilities, decision authority, and reporting structures. Getting these distinctions right is the single biggest predictor of governance program success — and confusing them is the most common reason programs stall before they ever produce value.
This guide walks through every data governance role, RACI mappings, common staffing pitfalls, and how to adapt roles for AI-era governance where agents are also 'data users.'
The Six Core Data Governance Roles
1. Chief Data Officer (CDO) — The executive sponsor. Owns the overall program, secures budget, reports to the board. Without a named CDO, governance stalls.
2. Data Owner — Accountable for a specific data domain (customer, finance, product). Makes policy decisions, approves access, and is the buck-stops-here person for quality and compliance in their domain.
3. Data Steward — Responsible for day-to-day execution. Writes policies, maintains glossaries, runs quality checks, escalates incidents. Stewards are the operational muscle.
4. Data Custodian — Technical role, usually on the platform team. Implements the controls the stewards define. Runs the catalog, enforces access, manages infrastructure.
5. Data User — Anyone consuming data for decisions. Analysts, scientists, product managers, executives. In 2026 this also includes AI agents.
6. Data Protection Officer (DPO) — Required under GDPR for certain orgs. Independent role reporting to the board, focused on privacy compliance.
| Role | Level | Primary Responsibility |
|---|---|---|
| CDO | Executive | Strategy + budget |
| Data Owner | VP / Director | Domain accountability |
| Data Steward | Manager / IC | Policy execution |
| Data Custodian | Engineering IC | Technical implementation |
| Data User | Anyone | Consume responsibly |
| DPO | Director | Privacy compliance |
RACI for Data Governance Roles
The RACI matrix (Responsible, Accountable, Consulted, Informed) clarifies who does what across common governance tasks:
| Task | Accountable | Responsible |
|---|---|---|
| Approve a new access request | Data Owner | Data Steward |
| Write a data quality rule | Data Steward | Data Custodian |
| Respond to a GDPR request | DPO | Data Steward |
| Handle a data incident | Data Owner | Data Custodian |
| Update the glossary | Data Steward | Data Users |
| Review AI agent access policies | CDO | Data Owner + Security |
How AI Agents Change the Data Governance Roles Model
AI agents are now a new class of 'data user.' They need access controls, audit logs, and accountability, but unlike human users, they do not have managers or performance reviews. The solution: every AI agent maps to a human principal (the 'accountable human') who owns the agent's actions.
Data Workers enforces this mapping at the MCP tool layer. Every agent tool call records both the agent ID and the accountable human, so incidents can be traced to a responsible party. Read our AI data governance guide for the full framework.
Common Data Governance Roles Mistakes
- •No named CDO — the program has no executive air cover
- •Conflating owners and stewards — one person cannot do both for the same domain
- •Putting custodians in charge of policy — they own implementation, not direction
- •Forgetting the DPO role in GDPR-scope orgs
- •Failing to map AI agents to accountable humans
- •Hiring stewards without authority — they cannot enforce what they cannot decide
Staffing Ratios for Data Governance Roles
Rough staffing guidelines for a company with 50 data engineers and 500 analysts/users:
- •1 CDO
- •5-10 Data Owners (one per major domain)
- •10-20 Data Stewards (one per 25-50 active datasets)
- •2-5 Data Custodians on the platform team
- •1 DPO (independent of the CDO in GDPR-scope orgs)
Data governance roles are the skeleton of any governance program. Get them wrong and no framework, no tool, and no policy can save you. Get them right and the rest of the program takes care of itself. Start with a named CDO, domain owners with authority, and stewards with real job descriptions. Book a demo to see how Data Workers enforces role-based access at the MCP tool layer.
Go from data platform to
agentic platform.
With autonomous AI agents working across your entire data stack — MCP-native, open-source, deployed in minutes.
Book a Demo →Related Resources
- How to Implement Automated Data Governance with Claude Code — Learn how to automate data governance processes using Claude Code, a leading AI coding agent tool.
- Claude Code Data Governance Tutorial — Explore how to use Claude Code for effective data governance through this detailed tutorial, ensu…
- Using Claude Code for Data Governance: A Step-by-Step Guide — Explore our step-by-step guide on using Claude Code for effective data governance, integrating AI…
- Implementing Data Governance with Claude Code: A How-To Guide — Learn how to implement effective data governance using Claude Code to enhance compliance and secu…
- Best Practices for Implementing Data Governance in Modern Data Stacks — Explore the best practices for implementing data governance in modern data stacks, ensuring data…